Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
615
Views
0
Helpful
4
Replies

Finding Rouge APs

mallenson
Level 4
Level 4

‎04-03-2003 10:08 AM - edited ‎07-04-2021 08:37 AM

Is there a tool or possibly a feature within Cisco's ACS that will help Identify any APs being added to the network (friend or foe?) Any URL to such an item welcome to discuss such a tools limiations.

Thanks

Labels:
0 Helpful
4 Replies 4

ndoshi
Cisco Employee
Cisco Employee

‎04-06-2003 01:33 PM

Q: What client version is required for the detection of non-leap ap's

(Tattle Tale)? when will this version be posted to CCO?

A: The client firmware that provides the LEAP "tattle tale" feature will

available in future .

The AP will receive a "Potential Rogue AP" message, which falls into "Protocol Alert" category- "Event Disposition" level for Protocol Alert would need to be set to higher level (4=notify) in order to generate SNMP traps.

For detailed information on this topic please refer the Rogue AP Detection and Mitigation Application Note which is available from the Enterprise Solutions Engineering home page, http://wwwin.cisco.com/ent/ese/ by clicking the Wireless and Design Guidance links

----------------------------------------------------------

Preventing Rogue Access Points

The first priority for enterprise IT security departments should be to prevent rogue APs in the first place.

·

**Create and publish policy banning employee installations of WLAN equipment

·

**Physical security of enterprise premises

·

**Provide a supported WLAN infrastructure – removing the motivation for employee installs

·

**Implement IEEE 802.1x Port Based Security

·

**Use Catalyst Switch filters

-----------------------------------------------------

Detecting Rogue APs

In addition to the rogue AP prevention mechanisms mentioned above, a combination of the following rogue AP detection methods should also be used by the IT security administrator;

· Detecting Rogue APs Wirelessly

· Detecting Rogue APs from the wired network

· Detecting Rogue APs by Physical Observation

Nilesh

0 Helpful

mallenson
Level 4
Level 4
In response to ndoshi

‎04-08-2003 03:33 PM

Where does this "client" reside on AP or only on Cisco Wireless NICs?

It appears "clients" report back to AP's and APs send SNMP trap to system to identify the rouge AP, is that right?

Well, instead of asking 10 more questions, could you please reply with another URL reference if there is one for this "Tattle Tale"? FYI, your other URL fails at this time, even though I suspect that only references the ladder items in your first response.

Anyway, thanks for anything else you can provide!!!

0 Helpful

percy.dobbyn
Level 1
Level 1

‎04-10-2003 07:02 AM

have alook at www.isomair.com

0 Helpful

percy.dobbyn
Level 1
Level 1

‎04-10-2003 07:03 AM

have alook at www.isomair.com

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card